RFR 8149521: automatic discovery of LDAP servers with Kerberos authentication
Vincent Ryan
vincent.x.ryan at oracle.com
Tue May 10 13:52:32 UTC 2016
Looks fine to me Max.
Thanks.
> On 10 May 2016, at 14:34, Wang Weijun <weijun.wang at oracle.com> wrote:
>
> Hi All
>
> Please take a review at
>
> http://cr.openjdk.java.net/~weijun/8149521/webrev.00/
>
> While the bug report [1] suggests we can fix com.sun.jndi.ldap.ServiceLocator to emit a trail-dot-less hostname, I am not sure if it's safe to do so. Anyway, the failure is on the Kerberos side and I believe this is a regression since we stop canonicalizing the hostname. Therefore I prefer to do a small "normalization" inside PrincipalName.
>
> Thanks
> Max
>
> [1] https://bugs.openjdk.java.net/browse/JDK-8149521
More information about the security-dev
mailing list